On the Windows platform, some versions of SecureCRT 9.2.x and newer are unable to verify SSH2 server host keys that have bit sizes which are not a multiple of 256 (e.g., Dropbear, some Cisco switches, some Cisco ASR routers, etc.). Connection attempts to such SSH2 servers with unusual host key bit sizes can result in the following error occurring during initial key exchange:
The client has disconnected from the server. Reason: The server's host key failed to verify.
In the case where this error is associated with an SSH2 server's host key having a bit size that is not a multiple of 256, the problem is most likely associated with a known issue caused by an updated cryptographic library used by SecureCRT version 9.2 and newer. See the "Known Issue" section of the following advisory:
While a newer encryption library is available from the vendor which resolves this issue, the newer library has not yet been certified with binary compliance to FIPS 140-2. FIPS certification is a process which takes an indeterminate number of months or years, so we are unable to provide an ETA for a fix that provides FIPS capability in SecureCRT.
Possible solutions involve one of the following options:
Note to SecureFX users: This documentation is written specific to SecureCRT, but also may apply to SecureFX versions 9.2 and newer for the SFTP and SCP protocols.
VanDyke Software uses cookies to give you the best online experience. Before continuing to use this site, please confirm that you agree to our use of cookies. Please see our Cookie Usage for details.
Here you can control cookies using the checkboxes below. Some cookies are essential for the use of our website and cannot be disabled. Others provide a convenience to the user and, if disabled, may reduce the ease of use of our site. Finally, some cookies provide anonymous analytic tracking data that help us provide the user with a richer browsing experience. You can elect to disable these cookies as well.
